Skip to content

Fix sendmmsg buffer overrun causing EFAULT when count > 1024 #607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Fix sendmmsg buffer overrun causing EFAULT when count > 1024 #607

Copilot wants to merge 2 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 4, 2026
edited
Loading

The -g flag (sendmmsg) fails with "Bad address" (EFAULT) when the engine attempts to send more than 1024 packets at once.

Root Cause

send_packets_using_sendmmsg() declares struct mmsghdr mmsgs[1024] on the stack. The initialization loop caps at 1024 elements, but the sendmmsg syscall was invoked with the full count parameter:

for (i = 0; i < count && i < sizeof(mmsgs) / sizeof(mmsgs[0]); ++i)
    // Initialize mmsgs[i]

s = sendmmsg(fd, mmsgs, count, 0);  // count may exceed 1024

When count > 1024, the kernel accesses uninitialized memory beyond the array bounds.

Changes

Pass the actual number of initialized messages to sendmmsg:

s = sendmmsg(fd, mmsgs, i, 0);
if (s < (int) i)

Where i = min(count, 1024) after the loop.

Original prompt

This section details on the original issue you should resolve

<issue_title>sendmmsg() and recvmmsg() fail with bad address</issue_title>
<issue_description>### Description

When trying to transmit a 8GB file using the -j and -g parameters, the connection fails. The handshake seems to complete according to the debug logs. The following errormessage is printed:

12:56:42.361 [WARN] sendmmsg failed: Bad address
12:56:42.361 [WARN] engine: error sending packet for regular connection CF436FAFAB812484 - close it; src: 0.0.0.0:47305; dst: 10.0.0.2:4433; errno: 14

When using the exact same configurations but omitting the -j -g in both commmands, everything works as it should.
Using just one of the two options or on just one endpoint leads to the same error.

Environment:

  • Two machines with Debian Bullseye (Linux 5.10.0-8-amd64, x86_64)
  • One machine running the http_client, the other one running the http_server
  • Machines connected with direct 10G link. IP addresses 10.0.0.{1,2}, hostname server in /etc/hosts of the client
  • Client started with ./http_client -p file -7 download -H server -s server:4433/file -G logs -j -g
  • Server started with ./http_server -s 10.0.0.2:4433 -r www -c server,certs/cert.pem,certs/priv.key -G logs -j -g

Are there any known issues with those options?
Thank you for your help!</issue_description>

Comments on the Issue (you are @copilot in this section)

@dtikhonov Thank you for the bug report. We will get to this at some point.

If you could recheck this (it's been years), it would be great.</comment_new>
<comment_new>@dtikhonov
Thank you for the detailed analysis, @pkropachev!

Do you want to take a stab at fixing this?</comment_new>

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@dtikhonov
Fix sendmmsg bad address error by using actual initialized count
e0352f5 
Co-authored-by: dtikhonov <4528576+dtikhonov@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix sendmmsg and recvmmsg bad address error Fix sendmmsg buffer overrun causing EFAULT when count > 1024 Jan 4, 2026
Copilot AI requested a review from dtikhonov January 4, 2026 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dtikhonov dtikhonov Awaiting requested review from dtikhonov

Assignees

@dtikhonov dtikhonov

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sendmmsg() and recvmmsg() fail with bad address

2 participants

@dtikhonov